Administrator
/
Splunk_Docker
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
Splunk_Docker/files/splunkbeta/bin/genRootCA.sh

81 lines
2.3 KiB
Raw Permalink Blame History

#!/bin/sh
SCRIPT_LOCATION=`dirname "$0"`
eval `"$SCRIPT_LOCATION/splunk" envvars`
usage() {
echo "Usage: getSignedServerCert.sh "
echo ""
echo " -d <CERT_DIR> Where to store the root CA. /opt/splunk/etc/certs REQUIRED"
echo ""
echo " -l <KEYLEN> Length of RSA key to generate. OPTIONAL"
echo ""
echo ""
exit 1
}
PROMPT=1
KEYLEN=2048
while getopts d:l:p OPTION
do
case "${OPTION}" in
d) CERTDIR="$OPTARG";;
l) KEYLEN="$OPTARG";;
p) PROMPT=0;;
\?) usage;;
esac
done
if [ "x$CERTDIR" = "x" ]; then
echo "You must specify where your certificates are to be stored"
echo ""
usage
fi
cd "$CERTDIR"
if [ -f ca.pem ]; then
echo "There is ca.pem in this directory. If you choose to replace the CA then splunk servers will require "
echo "new certs signed by this CA before they can interact with it."
echo "Do you wish to replace the CA ? [y/N]"
read CONTINUE
if [ "$CONTINUE" = "y" -o "$CONTINUE" = "Y" ]; then
rm cacert.pem
rm ca.pem
else
echo "Opted not to replace ca. Aborting."
exit
fi
fi
echo "This script will create a root CA"
echo "It will output two files. ca.pem cacert.pem"
echo "Distribute the cacert.pem to all clients you wish to connect to you."
echo "Keep ca.pem for safe keeping for signing other clients certs"
echo "Remember your password for the ca.pem you will need to later to sign other client certs"
echo "Your root CA will expire in 10 years"
#generate the root key.
if [ $PROMPT = 0 ]; then
# Create a certificate and signing request
openssl req -newkey rsa:$KEYLEN -sha256 -keyout cakey.pem -out careq.pem
openssl x509 -req -in careq.pem -sha256 -extensions v3_ca -signkey cakey.pem -out cacert.pem -days 3650
else
openssl req -newkey rsa:$KEYLEN -passout pass:password -subj /countryName=US/stateOrProvinceName=CA/localityName=SanFrancisco/organizationName=SplunkInc/commonName=SplunkCA/organizationName=SplunkUser/ -sha256 -keyout cakey.pem -out careq.pem
openssl x509 -req -in careq.pem -passin pass:password -sha256 -extensions v3_ca -signkey cakey.pem -out cacert.pem -days 3650
fi
#generate cacert.pem
# create root cert cacert.pen + rootKey.pem
cat cacert.pem cakey.pem > ca.pem
# wrap it all in a X509 cert
openssl x509 -subject -issuer -dates -noout -in ca.pem
Reference in new issue View Git Blame Copy Permalink

Powered by BW's shoe-string budget.